(54) IC card system and IC card

(57) The present invention provides an IC card that allows a service provider, whose business is loading an application into the IC card, to dynamically load the application into the IC card safely after the issuance of the IC card, without making a contract directly with the card issuer issuing the IC card and without establishing communication with the card issuer. The present invention also provides an IC-card issuing method for issuing the IC card and an IC-card operating method using the IC card. The card issuer issuing the IC card hands over an encryption key in advance to a third party other than the card issuer in order to entrust the third party with the work of authenticating an application to be loaded, or to allow the third party to function as an agent on behalf of the card issuer. The card issuer issues an agent certification to the third party to be used as evidence that the third party is an agent representing the card issuer. A program loaded into the IC card with a function to verify the validity of the agent certification is thereby capable of verifying the validity of an application to be loaded. Problems expected to arise as the IC card becomes widespread are an increasing number of contracts made between service providers loading applications and card issuers, as well as an increasing amount of communication traffic between the service providers and the card issuers. The number of contracts and the amount of traffic can be substantially reduced by the present invention. In addition, by placing an agent between two parties that cannot make a direct business contract or establish normal communication, one of the parties is capable of loading an application into an IC card issued by the other party.
An application 106 is loaded or deleted in a process through the security domain 108. In addition, the security domain 108 is entrusted with management of security information such as key data and, in some cases, management of data such as ID numbers.
[0009] The conventional system for loading an application onto an IC card described above is capable of dynamically loading and deleting an application while maintaining a high degree of security. In an operation among a plurality of card issuers and their service providers, however, some problems are raised.
[0010] As described above, a service provider needs to make a contract in advance with the card issuer issuing the IC card onto which the service provider desires to load an application. That is to say, the card issuer is in contractual relationships with all service providers that each desire to load an application onto an IC card issued by the card issuer. When the card issuer loads or deletes an application onto or from an IC card at the request of a service provider, the application loading technique described above can be adopted. To be more specific, a service provider 803 in a contractual relationship with a card issuer 302 is capable of loading an application onto an IC card 11 by the conventional method as shown in Fig. 5. However, a request to load an application may also be made by a service provider 803 that has not made a complicated contract in advance with the card issuer 302, or that does not request the card issuer 302 to catalog each application individually. In the first place, the fact that a plurality of applications can be loaded into an IC card is a great advantage, and the fact that a plurality of services can be rendered is a big merit both for the card issuer 302 managing the IC cards and for the user using the cards. Thus, the demand for the capability of handling such a request made by the service provider 803, for the capability of storing a plurality of applications and for the capability of rendering a plurality of services is expected to rise year after year. With the contemporary application loading technique, it is impossible to render a service without making a contract in advance. As shown in Fig. 5, some information needs to be exchanged between the service provider 803 and the card issuer 302. That is to say, in accordance with the conventional application loading system, a service provider needs to make a contract in advance with each card issuer issuing an IC card onto which the service provider desires to load its application. In addition, the service provider must obtain permission for loading an application from the card issuer when the application is loaded onto an IC card issued by the card issuer. The following problems arise in the implementation of the conventional application loading system.

(1) Relations based on contracts and communication traffic during operations between card issuers and service providers increase in number and become complicated.



In operations to mutually render services be- 
tween N card issuers and M service providers, N * 
M relationships based on contracts are established, 
resulting in a large number of contracts and a lot of 
communication traffic, during operations. Thus, the 
cost and the processing time increase and, as a re- 
sult, the price of the IC card eventually rises. 
(2) In actuality, enterprises are not capable of es- 
tablishing relationships based on contracts. 

Assume a case in which an application produced by a domestic enterprise is loaded onto an international IC card. In this case, making a direct contract between the domestic enterprise and the international card issuer is not so practical. The international card issuer may conceivably establish a representative for handling business with domestic enterprises. However, it is difficult for the international card issuer to make a direct contract and establish communication with the business institution to which the service provider pertains.

SUMMARY OF THE INVENTION 

[0011] The present invention has the following two main aspects. The basic concepts and the main points of the aspects can be summarized briefly as follows.
[0012] In accordance with a first main aspect of the present invention, an authentication issued by a third party other than the issuer of an IC card is used. Such an authentication issued by a third party other than the issuer of the IC card is referred to simply as an agent authentication.

[0013] In accordance with a second main aspect of 
the present invention, an IC card has a security domain 
with a restricting function. The second aspect serves as 
a supplement to the first aspect to allow a more useful 
IC card system to be provided. 

[0014] In addition, in accordance with a third main aspect of the present invention, a combination of the concepts according to the first and second main aspects is used. In this way, an agent recognized by a card issuer is capable of serving as an agent to load an application into an IC card issued by the card issuer under a condition set forth by the card issuer.

[0015] The following description explains the present invention by focusing on the basic concepts of the present invention mentioned above.
[0016] First of all, the first aspect of the present inven- 
tion is explained. 

[0017] A first mode of the present invention is an IC-card system comprising:

a second organization, a third organization, and an on-line system between said second organization and said third organization,

wherein:

said second organization is capable of supplying at least first characteristic information, which characterizes a first organization involved in the issuance of an IC card and also serves as data used for rendering a service, and second special information of said second organization to a third organization involved in the presentation of service information; and

said third organization involved in the presentation of service information is capable of supplying at least a program of a desired application, said first characteristic information characterizing said first organization involved in the issuance of the IC card and serving as data used for rendering a service, and said second special information of said second organization to said IC card.

[0018] In the first place, more than anything else, the basic concept according to the first aspect is provided for solving the aforementioned problem that the number of contractual relationships and the amount of traffic during operations increase.

[0019] In order to implement the basic concept according to the present aspect, the concept of introducing an agent between a card issuer and a service provider is embraced. It becomes necessary to establish a system capable of loading an application without the need for the service provider to establish direct communication with the card issuer. To put it concretely, by authentication of the agent business through pre-cooperation between the card issuer and the agent, the service provider is capable of loading an application without directly communicating with the card issuer. In addition, a system capable of maintaining security at the same level as the ordinary application loading system is required.
[0020] The present invention provides an application loading system that is used for loading an application onto an IC card and satisfies the requirements described above.

[0021] Fig. 6 is an explanatory diagram showing the main elements of a system provided by the present invention. In the system shown in the figure, an IC card 11 is issued by a card issuer 302. An A service provider 303 has made a contract with the card issuer 302 and loads an application 801 onto the IC card 11 by adoption of the ordinary application loading technique. On the other hand, a B service provider 803 has made a contract with an agent 901.

[0022] A premise adopted by the present invention in order to solve the problems described above is that no communication is established between the service provider 803 and the card issuer 302. Thus, the present invention provides a technique of establishing indirect communication through an agent. That is to say, in accordance with this technique, the agent is entrusted with the job of permitting an operation to load an application, a job previously done by the card issuer, and in order to load an application onto an IC card the service provider needs to communicate only with the agent. With a technique whereby only an agent puts a signature to an application, however, the following problems are raised. In the first place, the validity of an IC card cannot be verified. In the second place, an unauthorized user is capable of loading an application without regard to the will of the card issuer. By the way, a signature put by an agent to an application is referred to hereafter as a message signature by an agent. It is needless to say that "the signature" means a signature in the technical sense used in cryptography. The typical example is a digital signature. The general theory of such a signature and of a digital signature is taught, for example, by "Cryptography: Theory and Practice" written by Douglas Stinson and translated by Kouichi Sakurai, Chapter 6, especially pages 217 to 220, and by "Handbook of Applied Cryptography" (CRC Press, 1996), pages 433 to 434.

[0023] An outline of a first embodiment of the present invention for solving the problems is explained as follows. In the first place, when a contract of cooperation is made between a card issuer and an agent, the card issuer hands over an agent certification in advance to the agent. The agent certification certifies the agent work done by the agent. In the second place, when the agent authenticates an application, the agent hands over a message signature by the agent and the agent certification to the service provider. In this way, in accordance with the present invention, an IC card issued by the card issuer can verify the agent certification and thereby confirm that the load is backed by the card issuer, preventing an unauthorized user from loading an application.

[0024] A second embodiment of the present invention 
mainly supplements functions of the first embodiment, 
allowing a more useful IC-card system to be provided. 
In brief, an IC card has a security domain with the so- 
called restricting function. 

[0025] A second mode of the present invention is an IC-card system comprising:

a second organization, a third organization, and an on-line system between said second organization and said third organization,

wherein:

said second organization is capable of supplying at least first characteristic information, which characterizes a first organization involved in the issuance of an IC card and also serves as data used for rendering a service, second special information of said second organization, and a program having a condition on loading service information into said IC card, to a third organization involved in the presentation of service information; and

said third organization involved in the presentation of service information is capable of supplying at least an application program, said first characteristic information, said second special information of said second organization, said program having a condition on loading service information into said IC card, and third characteristic information related to said program having a condition on loading service information into said IC card, to the IC card.

[0026] With only the first embodiment of the present invention, once an agent certification is issued, the agent is provided with a power enabling the agent to load an unlimited number of applications. Even though operations are carried out in accordance with conditions stated in a cooperation contract, it is needless to say that the card issuer may desire to provide a power enabling the agent to load only one application, or a power enabling the agent to load applications only within a set term of validity. The second embodiment of the present invention is provided for satisfying such desires.
[0027] As described earlier, the security domain is an area having data or an application for implementing functions such as loading, deletion and management of applications in the IC card. Thus, naturally, a security domain is created by a service provider. In the present invention, however, a card issuer creates a security domain and hands it over to a service provider through an agent, to let the service provider use it as its security domain. When creating a security domain, the card issuer sets conditions of the cooperation contract in the security domain, such as the number of times applications may be loaded and a term of validity, and transmits the security domain to the partner of cooperation. Of course, it is necessary to embrace a policy preventing substitution of the security domain.
[0028] As shown in Fig. 6, a security domain 805 having a restricting function is created by a card issuer 302 and stored in an IC card 11 as the security domain of a service provider 803. When the service provider 803 loads an application 802, the service provider 803 requests an agent 901 to grant permission for loading the application 802. Receiving the request for such permission, the agent 901 transmits a combination of an agent certification and a message signature by the agent 901 to the inside of an A IC card 11. The A IC card 11 verifies that the agent certification has been correctly issued by the card issuer 302, referring to the restricting conditions set in the security domain with a restricting function. If, as a result of the verification of the agent certification, the message signature by the agent 901 confirms the validity of the application 802, the A IC card 11 permits an operation to load the application 802.

BRIEF DESCRIPTION OF THE DRAWINGS 

[0029] 

Fig. 1 is a diagram showing the basic configuration of an IC card;
Fig. 2 is a diagram showing a typical system configuration used so far for issuing IC cards and rendering services;
Fig. 3 is a diagram showing the basic configuration of an IC card having a security-domain unit;
Fig. 4 is a diagram showing a typical conventional sequence for loading an application;
Fig. 5 is an explanatory diagram used for describing problems encountered in the conventional technique;
Fig. 6 is a diagram showing relations among an IC card, a card issuer and a service provider in the present invention;
Fig. 7 is a diagram showing the basic configuration of a system provided by the present invention;
Fig. 8 is a diagram showing relations among an IC card, a card issuer and a service provider for implementing a message signature by an agent;
Fig. 9 is a diagram showing a sequence for implementing cooperation based on a message signature by an agent;
Fig. 10 is a diagram showing a sequence provided by the present invention for loading an application onto an IC card;
Fig. 11 is a diagram showing a sequence provided by the present invention to be followed by a card issuer for implementing pre-cooperation;
Fig. 12 is a diagram showing a sequence provided by the present invention to be followed by a service provider for implementing pre-cooperation;
Fig. 13 is a diagram showing a sequence provided by the present invention to be followed by an agent for loading an application onto an IC card;
Fig. 14 is a diagram showing a sequence provided by the present invention to be followed by a service provider for loading an application onto an IC card;
Fig. 15 is a diagram showing the basic configuration of an IC card having a security domain;
Fig. 16 is a diagram showing a sequence provided by the present invention for implementing cooperation using a message signature by an agent and a security domain;
Fig. 17 is a diagram showing a sequence provided by the present invention for loading an SD (security domain) onto an IC card;
Fig. 18 is a diagram showing a sequence provided by the present invention for loading an application onto an IC card;
Fig. 19 is a diagram showing a sequence provided by the present invention to be followed by a card issuer for implementing pre-cooperation;
Fig. 20 is a diagram showing a sequence provided by the present invention to be followed by an agent for implementing pre-cooperation;
Fig. 21 is a diagram showing a sequence provided by the present invention to be followed by an agent for loading a security domain;
Fig. 22 is a diagram showing a sequence provided by the present invention to be followed by an agent for loading an application;
Fig. 23 is a diagram showing a sequence provided by the present invention to be followed by a service provider for loading a security domain;
Fig. 24 is a diagram showing a sequence provided by the present invention to be followed by a service provider for loading an application;
Fig. 25 is a diagram showing a typical tenant using the present invention;
Fig. 26 is an explanatory diagram showing an example of making a contract for rendering restricted services using the present invention;
Fig. 27 is an explanatory diagram showing a typical virtual card using the present invention; and
Fig. 28 is an outline diagram of a card system.

DETAILED DESCRIPTION OF THE PREFERRED 
EMBODIMENT 

[0030] Fig. 7 is a diagram showing the basic configuration of a system provided by the present invention for issuing IC cards 11 and for applications of the IC cards 11. In the figure, reference numeral 302 denotes a server of a card issuer and reference numeral 305 denotes a database of the card issuer. The database 305 is used for managing issuing management data, which is operating information, that is, information on all IC cards operated by the card issuer. Reference numerals 901 and 902 denote a server of an agent and a database of the agent respectively. The database 902 is used for managing application-related data, which is operation management information, that is, information on applications whose loading operations have been permitted by the agent. Reference numerals 303 and 306 denote a server of a service provider and a database of the service provider respectively. The database 306 is used for managing application-related data, which is operation information, that is, information on the applications of the service provider itself. An IC card 11 is issued by a card-issuing processing unit 308 in the card-issuer system and distributed to users 301, who each serve as a client. Here, the "issue" and the "distribution" of an IC card are the issue and the distribution in ordinary everyday language and not on-line operations.

[0031] The card-issuing processing unit 308 makes a pre-cooperation contract 315 with an application-load permission processing unit 310 of the agent system and issues an agent certification, indicating a certified agent, to the agent. When the service-provider server 303 loads an application onto the IC card 11, an application-load processing unit 312 in the service-provider system makes a request 319, requesting the application-load permission processing unit 310 of the agent system to load the application. The agent verifies the validity of the application in accordance with an operating policy and issues a permission 316 for loading the application if the validity of the application is confirmed. The service provider transmits a combination 314 of the application and the permission 316 for loading it received from the agent to the IC card 11 by way of an external terminal 304. The card-issuer server 302 and the agent server 901 are connected to each other by a network 318. On the other hand, the agent server 901 and the service-provider server 303 are connected to each other by a network 319. In accordance with a policy embraced by the operating business enterprise, however, information may instead be mailed on an information recording medium such as a floppy disc or sent as a written letter. As described above, in the system provided by the present invention, a card issuer makes a cooperation contract with an agent, the agent issues service-rendering permission to a service provider on behalf of the card issuer, and the service-provider server loads an application onto the IC card of a user.

[0032] Here, the main characteristic terms used in this specification are defined so that the following description is easy to understand.

[0033] "Message signature by agent" designates a signature put on behalf of a card issuer. The typical example is information consisting of the information to be signed together with that same information encrypted by the agent's secret key.

[0034] "** ** having signature" designates information consisting of "** **" together with "** **" encrypted by a key of the signer, for example the signer's secret key.

[0035] "Agent certification" designates information by which a card issuer certifies that an agent is a party standing in the place of the card issuer. The typical example is information consisting of the agent's public key together with the agent's public key encrypted by the issuer's secret key.

[0036] "Authentication certificate" designates information for allowing or permitting an application to be loaded onto an IC card (that is, a smart card). The typical example is information consisting of characteristic information by which an application is characterized together with that characteristic information encrypted by the agent's secret key.

[0037] "Security domain" designates a program for loading and deleting an application, managing the application, and some other items.

[0038] "Security domain having restricting function" designates a program having one or more restricting functions for loading and deleting an application, managing the application, and some other items.

[0039] The present invention relates to a data system having an asymmetric encryption function. An asymmetric encryption function designates, for example, that in the data system a secret key and a public key are used, and data encrypted with one key of the pair can be decrypted with the other key.
[0040] Next, concrete methods of the message signature by agent and of loading an application related to the present invention are explained.
[0041] Here, a conventional terminal apparatus for an IC card can be applied to the present invention. Each facility of the present invention has a terminal including a server and a reader/writer for IC cards, etc. Several modes of operating this system can be employed. For example, in one mode some kinds of information are first stored in the server; in another, some kinds of information are loaded onto the IC card by a server and a reader/writer for IC cards; and in another, some kinds of information are loaded directly onto the IC card by a reader/writer for IC cards. In the present invention, of course, all of these modes can be employed.

[0042] FIG. 29 is a diagram depicting briefly the concept of a card system. As shown in the figure, an IC card 52 includes an IC chip 51 and exchanges data with, typically, a reader/writer 53, which has a control processor 54 and a magnetic disc 55 serving as a database. The layout of pins shown in the figure is a typical pin layout. That is to say, the IC card has a Vcc (power supply) pin, a GND (ground) pin, an RST (reset) pin, an I/O (input/output) pin and a CLK (clock) pin.

[0043] For example, the operation to issue an inquiry about an ID is denoted by reference numeral (1) in FIG. 29, and the operation to transmit the name code is denoted by reference numeral (2) in FIG. 29. It should be noted that an ordinary card system capable of sufficiently providing the necessary functions can be employed; a detailed description of this system is omitted.
[0044] Here, the above-said application, security domain, etc. are stored in a memory region of the IC card, that is, more concretely, of the IC chip.
[0045] The memory region is implemented typically by using a ROM (Read Only Memory), a RAM (Random Access Memory), an EEPROM (Electrically Erasable Programmable Read Only Memory), Flash memory or FRAM (Ferroelectric Random Access Memory). In this specification, the phrases "using a security domain", "through a security domain" or "over a security domain" designate the following: the OS reads the security domain, that is, a program for loading and deleting an application, managing the application and some other items, and the validity of certain controlling or managing conditions on predetermined information or data is verified by using the security domain, that is, the program. If necessary, a predetermined processing is then carried out. Here, the above-said conditions on information or data are, for example, the capacity for storing service information, the number of times applications or information may be loaded, the number of times service information may be loaded, or the effective term for permitting the loading of service information, etc.

[0046] An ordinary OS region is, of course, employed 
in the present invention. 

[0047] Moreover, a contact type IC card and non-con- 
tact type IC card are employed in the present invention. 



[0048] Next, a message signature by an agent is explained by referring to Fig. 8. An A IC card 11 is an IC card loaded with an OS for dynamic loading of a plurality of applications. The A IC card 11 has already been issued by a card issuer 302. A B service provider 803 is a business enterprise rendering a service of loading an application onto the A IC card 11. The service provider 803 makes a contract of rendering services with an agent 901. In a normal case, in order for the B service provider 803 to load an application onto the A IC card 11, the B service provider 803 communicates with the card issuer 302 to get permission for loading an application from the card issuer 302 in accordance with a contract of rendering services made with the card issuer 302. However, the system provided by the present invention adopts a method whereby the card issuer 302 makes a cooperation contract with an agent 901, and the agent 901 serves as a proxy of the card issuer 302, issuing permission for loading an application. At the time the cooperation contract is made, the card issuer 302 hands over an agent certification to the agent 901. The agent certification recognizes the proxy business to be conducted by the agent 901 on behalf of the card issuer 302. In an operation to load an application onto the A IC card 11, the B service provider 803 receives permission for loading the application from the agent 901 before loading the application.

[0049] The following description explains in concrete terms how to realize the system implemented by the first embodiment of the present invention as described above, by referring to Fig. 9. That is to say, the following description explains the processing sequence followed by an agent to put a message signature.

Representative Basic Processing Sequence of Putting a Signature by an Agent

[0050] A card issuer 302 has made a cooperation contract based on a mutually cooperative policy with an agent 901. Upon agreement on the cooperation contract, the agent 901 transfers the public key of its own asymmetric key pair to the card issuer 302 to make a request for an agent certification at a step 12001.
[0051] The card issuer 302 transmits an agent certification to the agent 901 at a step 12002. A signature is put to the agent certification by using the secret key of the asymmetric key pair owned by the card issuer 302, over the public key received from the agent 901.
[0052] Then, in an operation carried out by a B service provider 803 to load an application onto an A IC card 11, first of all, the B service provider 803 requests permission for loading the application onto the A IC card 11 from the agent 901 at a step 12003. An example of the request for permission for loading an application is a hash value of the application to be loaded. The hash value of an application is an intrinsic value peculiar to the application. It should be noted, however, that the request for permission for loading an application does not have to be a hash value. Nevertheless, a hash value is most convenient and thus widely used.
[0053] The agent 901 checks the contents of the application, which was filed for permission by the B service provider 803 in advance, in order to verify the validity of the application. If the hash value cited above is used, the validity is verified by comparing the hash value received from the B service provider 803 with a hash value computed over the application itself; the corresponding verification inside the A IC card 11 is described later. If information on the A IC card 11 is received from the card issuer 302, that information is also verified. An example of the information on the A IC card 11 is a hot list or a black list revealing information on illegal cards.
[0054] The agent 901 puts a signature to the hash value of the application received from the B service provider 803 by using the secret key of its asymmetric key pair, and returns the signed hash value to the B service provider 803 along with the agent certification at a step 12004. It should be noted that this secret key corresponds to the asymmetric public key that was transmitted to the card issuer 302 when the cooperation contract was made.

[0055] The B service provider 803 transmits a combination of
the hash value of the application received from the agent 901,
the agent certification and the application itself to the A
IC card 11 at a step 12005. As described earlier, the hash
value is a hash value with a message signature put thereto by
the agent 901.
[0056] The A IC card 11 includes a public key of the card
issuer 302, which was stored therein when the card 11 was
issued. The public key is used for authenticating the
signature of the agent certification in order to confirm its
validity. This is because the signature was put to the public
key of the agent 901. If a correct signature is confirmed, the
public key of the agent 901 obtained from the certification is
used to decrypt the signed hash value of the application. A
hash value obtained as a result of the decryption is compared
with a hash value computed from the application received from
the B service provider 803. If they match each other, the
application is loaded and installed. The operation to load the
application is completed upon the installation of the
application.

[0057] As described above, the procedure implemented by the
first embodiment of the present invention provides a mechanism
wherein the agent assures the validity of an application and
the card issuer assures the validity of the agent, so that an
application assured indirectly by the card issuer can be
loaded onto an IC card. As is obvious from the example shown
in Fig. 6, between the card issuer and the other players there
is a step of transmitting an agent certification following a
cooperation contract. After this step, however, the card
issuer enters an offline state, making it unnecessary to
establish communication with other players. Depending on the
contents of a cooperation contract, however, card issuers may
exchange hot lists each revealing information on illegal IC
cards and information required in a variety of operations.
Even in this case, it is not necessary for a card issuer to
establish communication with a service provider.

[0058] More operational details of the processing based on
the basic processing sequence for putting a message signature
of an agent described above are explained by referring to
Figs. 10 to 14. These figures show flowcharts representing
operations carried out by the players, namely, the IC card,
the card issuer, the agent and the service provider.

IC Card: Typical Processing Performed by an IC Card 
to Load an Application onto the IC Card 

[0059] Fig. 10 shows a flowchart representing operations
carried out on the IC-card side to load an application using a
message signature of an agent onto the IC card.

[0060] As shown in the figure, the flowchart begins with a
step 13001, at which the IC card starts processing to load an
application.

[0061] At the next step 13002, the IC card receives an agent
certification and an application authentication from a service
provider. The application authentication was signed by an
agent. The step 13002 corresponds to the step 12005 of the
sequence shown in Fig. 9.
[0062] The agent certification has been signed by a card
issuer. A key corresponding to the agent certification is
stored in the IC card. The IC card uses the key for
authenticating the agent certification and decrypting a key of
the agent at a step 13003.
[0063] The decrypted key of the agent is used for
authenticating the application authentication signed by the
agent and fetching a hash value of the application at a step
13004.

[0064] At the next step 13005, the IC card also internally
computes a hash value of the application received from the
service provider and compares it with the hash value decrypted
earlier at the step 13004.

[0065] If the hash values match each other, the flow of the
processing goes on to a step 13006, at which the IC card
recognizes the application authenticated by the card issuer as
a valid application and installs the application.

[0066] If the hash values do not match each other, on the
other hand, the flow of the processing goes on to a step
13007, at which the application is determined to be invalid.
Thus, the processing to install the application is canceled
and the IC card outputs an error message.

Card Issuer: Typical Processing Performed by a Card
Issuer to Perform Pre-cooperation Using an Agent Signature

[0067] Fig. 11 shows a flowchart representing operations
carried out by a card issuer to perform pre-cooperation using
a message signature put thereto by an agent. These operations
correspond to the steps 12001 and 12002 of the sequence shown
in Fig. 9.
[0068] As shown in Fig. 11, the flowchart begins with a step
14001, at which the card issuer starts pre-cooperation
processing to recognize an agent.
[0069] The card issuer receives a public key from the agent at
a step 14002. The public key is used for creating an agent
certification.

[0070] The card issuer puts a signature to the disclosed key
by using a key corresponding to a key stored in an IC card and
transmits the signed disclosed key to the agent at a step
14003.

[0071] The processing described above is the pre-cooperation
between the card issuer and the agent.
[0072] Fig. 12 shows a flowchart representing the agent's
pre-cooperation processing procedure using a message signature
of the agent. As shown in the figure, the flowchart begins
with a step 15001, at which the agent starts pre-cooperation
processing to execute jobs as a proxy of a card issuer. First
of all, the agent transmits its public key to the card issuer
at a step 15002. At the next step 15003, the agent receives an
agent certification signed by the card issuer.

Agent: Typical Processing to Load an Application by 
Using an Agent Signature 

[0073] Fig. 13 shows a flowchart representing the pro- 
cedure of processing to load an application using a mes- 
sage signature put by an agent. 

[0074] At a step 16002, the agent receives a request to load
an application from a service provider. At the next step
16003, the agent verifies the validity of the contents of the
application cataloged in advance and the validity of the
service provider in order to form a judgment as to whether or
not to permit an operation to load the application.

[0075] If the operation to load the application is per- 
mitted, the flow of the processing goes on to a step 
16004, at which the agent transmits an application au- 
thentication to the service provider. The application au- 
thentication is a combination of data representing char- 
acteristics of the application and the agent certification 
received from a card issuer in a pre-cooperation proc- 
ess. The data, which was received from the service pro- 
vider, has been encrypted by the agent using a key. An 
example of the data representing characteristics of the 
application is the aforementioned hash value of the ap- 
plication. 

[0076] If the operation to load the application is not 
permitted, on the other hand, the flow of the processing 
goes on to a step 16005, at which the agent notifies the 
service provider of the fact that the loading operation is 
not allowed. 

Service Provider: Typical Processing to Load an 
Application of the Service Provider 

[0077] Fig. 14 shows a flowchart representing the procedure
of processing to load an application of a service provider by
using a message signature put by an agent.
[0078] At a step 17002, the service provider transmits data
representing characteristics of an application to the agent
to make a request for permission for loading an application.
An example of the data is a hash value of the application.

[0079] At the next step 17003, the service provider receives
an application authentication from the agent. The service
provider then transmits the application authentication to an
IC card along with the application itself at a step 17004.

[0080] The pieces of processing described above are typical
processing procedures to load an application onto an IC card
by using the agent-signature method.
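The sequence of [0050] to [0056] and the flowcharts of Figs. 10 to 14, as an added example that is not code from the patent: the issuer certifies the agent's key, the agent signs the hash a service provider submits, and the card verifies certification, signature and hash in that order. The function names, the textbook RSA over constructed Mersenne primes and the use of SHA-256 are assumptions of the example, not of the patent.

```python
# Added example, not code from the patent: a minimal model of the agent-signature
# loading sequence (Fig. 9 and the flowcharts of Figs. 10 to 14). Textbook RSA over
# constructed Mersenne primes stands in for the "asymmetrical keys" and SHA-256
# for the application hash. Unpadded toy RSA: for illustration only, not for use.
import hashlib

E = 65537


def mersenne_keypair(k1, k2):
    """Constructed RSA pair (public, secret) from the Mersenne primes 2^k1-1, 2^k2-1."""
    p, q = (1 << k1) - 1, (1 << k2) - 1
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def sign(secret, value):
    """Put a message signature to an integer value (value must be smaller than n)."""
    n, d = secret
    return pow(value, d, n)


def recover(public, signature):
    """'Decrypt' a signature with the matching public key, yielding the signed value."""
    n, e = public
    return pow(signature, e, n)


def app_hash(application):
    """Intrinsic value of an application ([0052]): SHA-256 as an integer."""
    return int.from_bytes(hashlib.sha256(application).digest(), "big")


def key_fingerprint(public):
    """The certification signs a digest of the agent's public key, not the raw key."""
    n, e = public
    return int.from_bytes(hashlib.sha256(f"{n}:{e}".encode()).digest(), "big")


def issue_agent_certification(issuer_secret, agent_public):
    """Steps 12001/12002 (Figs. 11 and 12): the card issuer signs the agent's key."""
    return (agent_public, sign(issuer_secret, key_fingerprint(agent_public)))


def agent_permit_load(agent_secret, requested_hash, cataloged_hashes):
    """Steps 16003/16004 (Fig. 13): sign the requested hash only if the application
    was filed with the agent in advance; None models step 16005 (not permitted)."""
    if requested_hash not in cataloged_hashes:
        return None
    return sign(agent_secret, requested_hash)


def card_load(issuer_public, certification, signed_hash, application):
    """IC-card side (Fig. 10, steps 13002 to 13007). The only key trusted a priori
    is the issuer's public key stored in the card at issuance."""
    agent_public, cert_sig = certification
    # Step 13003: authenticate the agent certification with the issuer's key.
    if recover(issuer_public, cert_sig) != key_fingerprint(agent_public):
        return "rejected: agent certification invalid"
    # Step 13004: authenticate the signed hash with the agent's key; fetch the hash.
    fetched = recover(agent_public, signed_hash)
    # Step 13005: compare with a hash the card computes itself over the bytes it
    # actually received, so a swapped or altered application is caught.
    if fetched != app_hash(application):
        return "rejected: hash mismatch"      # step 13007
    return "installed"                         # step 13006


def run_sequence(application, delivered=None, certification_ok=True):
    """Whole sequence for one application; returns the card's verdict. `delivered`
    lets a caller ship different bytes than the ones the agent approved."""
    issuer_pub, issuer_sec = mersenne_keypair(1279, 2203)   # card issuer 302
    agent_pub, agent_sec = mersenne_keypair(521, 607)       # agent 901
    cert = issue_agent_certification(issuer_sec, agent_pub)
    if not certification_ok:   # a certification the issuer never signed
        cert = (agent_pub, cert[1] ^ 1)
    h = app_hash(application)
    signed = agent_permit_load(agent_sec, h, {h})           # step 12004
    target = application if delivered is None else delivered
    return card_load(issuer_pub, cert, signed, target)      # step 12005


if __name__ == "__main__":
    app = b"constructed sample application bytecode"
    print(run_sequence(app))                          # installed
    print(run_sequence(app, delivered=app + b"!"))    # rejected: hash mismatch
    print(run_sequence(app, certification_ok=False))  # rejected: agent certification invalid
```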
[0081] Next, examples of a second embodiment providing
functions supplementary to the first embodiment of the present
invention described so far are explained. As described
previously, briefly speaking, an IC card provided by the
second embodiment has a security domain with the so-called
restricting function.
[0082] As described above, by handing over an agent
certification to an agent, the problems can be solved, but
another problem is raised. That is to say, once an agent
certification is handed over to an agent, the agent is usually
provided with a power capable of loading an unlimited number
of applications thereafter. However, an application loading
area on an IC card is not limitless. In addition, a
cooperation contract is normally made as a contract which is
good only for a predetermined term of validity. Thus, a
mechanism is desired wherein the card issuer may provide a
power enabling the agent to load only 1 application, or a
power enabling the agent to load applications only within a
set term of power validity.

[0083] The second embodiment of the present invention is
provided for satisfying such a mechanism. Fig. 15 is a diagram
showing a complete configuration using a security domain with
a restricting function.

[0084] The roles and relations of the players shown in Fig.
15, namely, the IC card 11, the card issuer 302, the agent 901
and the service provider 803, are the same as those shown in
Fig. 11. To be more specific, the card issuer 302 makes a
cooperation contract with the agent 901, and the agent 901
serves as a proxy for the card issuer 302 to issue permission
for loading an application on behalf of the card issuer 302,
as is the case with the system shown in Fig. 11. However, the
system shown in Fig. 15 is different from the system shown in
Fig. 11 in that, in the case of the former, it is necessary to
load a security domain into the IC card 11 before loading an
application onto the same IC card 11. In the following
description, only differences from the sequence shown in Fig.
9 are explained and the explanation of things common to both
systems is omitted.

[0085] A security domain executes loading, deletion or
management of applications on an IC card. Preconditions for
enabling such management are:
1: An asymmetrical key and an encryption key can be stored in
the security domain.
2: An application is stored into an IC card through the
security domain.

[0086] Actual implementations of a security domain include an
application, a library and data. Traditionally, a security
domain is created by a business enterprise loading an
application. In accordance with the present invention,
however, a security domain is created by a card issuer. When a
cooperation contract is made, the card issuer 302 hands over
an agent certification and a security domain with a
restricting function to the agent 901. As described earlier,
the agent certification is evidence issued by the card issuer
302 for recognizing the agent 901. First of all, a B service
provider desiring to load an application onto an A IC card
must load a security domain with a restricting function onto
the A IC card. The B service provider receives the security
domain from the agent 901 and sets the security domain in the
A IC card. Then, the B service provider receives permission
for loading the application from the agent 901 and loads the
application onto the A IC card through the security domain.

[0087] Fig. 16 is a diagram showing a processing sequence to
implement cooperation by using a combination of functions of a
message signature of an agent and a security domain.

[0088] The card issuer 302 makes a cooperation contract based
on a mutual operating policy with the agent 901. If the card
issuer 302 agrees with the agent 901 on the cooperation
contract, the agent 901 transmits an asymmetrical key and a
public key of its own to the card issuer 302 in order to
request an agent certification from the card issuer 302 at a
step 19001.
[0089] For the public key received from the agent 901, the
card issuer 302 puts a signature with an asymmetrical key and
a secret key of its own to an agent certification and
transmits the agent certification to the agent 901 at a step
19002.
[0090] Then, keys to be stored in the security domain are
exchanged between the agent 901 and the card issuer 302.
During an operation, a key of the card issuer 302 and a key of
the agent 901 are stored in the security domain. First of all,
the agent 901 creates a pair of asymmetrical keys for the
security domain and transmits the secret key to the card
issuer 302 at a step 19003.
[0091] If the data of the secret key is known by other parties
including the card issuer 302, however, a security problem is
raised. Thus, the secret key is subjected to a blinding
process prior to the transmission. By the same token, the card
issuer 302 creates a pair of asymmetrical keys for the
security domain. Its secret key is used for putting a
signature to the secret key which was subjected to the
blinding process in the agent 901, and the card issuer 302
returns the signed secret key back to the agent at a step
19004.

[0092] The agent 901 removes the blind from the signed secret
key received from the card issuer 302. A blind-signature
method for an asymmetrical key is an already known technology.
An example of the blind-signature method is an RSA
blind-signature technique described in documents such as
"Handbook of Applied Cryptography" authored by A. Menezes and
P. van Oorschot and published by CRC Press in 1996.
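The blinding, signing and unblinding of steps 19003 and 19004 and [0092], as an added example that is not code from the patent, written in the RSA form of the blind signature cited above: the issuer signs what it receives without ever seeing the agent's value, and the unblinded result is an ordinary signature the security domain can verify with the issuer's public key. The constructed Mersenne-prime key, the function names and the modelling of the agent's key material as a SHA-256 digest are assumptions of the example.

```python
# Added example, not code from the patent: the blind-signature exchange of steps
# 19003 and 19004 in Chaum's RSA form. The card issuer's security-domain key is a
# constructed textbook RSA pair over Mersenne primes, and the value the agent wants
# signed is modelled as a SHA-256 digest of its own security-domain secret key.
# Toy parameters, for illustration only.
import hashlib
import secrets
from math import gcd

E = 65537


def issuer_sd_keypair():
    """Constructed security-domain key pair of the card issuer: (public, secret)."""
    p, q = (1 << 521) - 1, (1 << 607) - 1
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))


def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def blind(issuer_public, m):
    """Agent, step 19003: pick a blinding factor r coprime to n and send
    m' = m * r^e mod n instead of m. Returns (r, m')."""
    n, e = issuer_public
    while True:
        r = secrets.randbelow(n - 2) + 2
        if gcd(r, n) == 1:
            return r, (m * pow(r, e, n)) % n


def issuer_sign_blinded(issuer_secret, m_blinded):
    """Card issuer, step 19004: sign what it receives. Because r is uniform and
    unknown to it, the issuer learns nothing about m ([0091])."""
    n, d = issuer_secret
    return pow(m_blinded, d, n)


def unblind(issuer_public, r, s_blinded):
    """Agent, [0092]: s = s' * r^-1 = (m * r^e)^d * r^-1 = m^d mod n."""
    n, _ = issuer_public
    return (s_blinded * pow(r, -1, n)) % n


def sd_verify(issuer_public, m, s):
    """Security domain on the card, step 19010: the issuer's security-domain
    public key is stored in the domain, so the signature over the agent's key
    can be checked on-card."""
    n, e = issuer_public
    return pow(s, e, n) == m


def run_exchange(agent_sd_secret):
    """One full exchange; returns (signature_valid, issuer_saw_plain_value)."""
    pub, sec = issuer_sd_keypair()
    m = digest(agent_sd_secret)
    r, m_blinded = blind(pub, m)
    s = unblind(pub, r, issuer_sign_blinded(sec, m_blinded))
    return sd_verify(pub, m, s), m_blinded == m


def exchange_matches_direct_signature(agent_sd_secret):
    """The unblinded signature equals a direct signature m^d mod n: blinding
    changes only what the issuer sees, not what it certifies."""
    pub, sec = issuer_sd_keypair()
    m = digest(agent_sd_secret)
    r, m_blinded = blind(pub, m)
    s = unblind(pub, r, issuer_sign_blinded(sec, m_blinded))
    return s == pow(m, sec[1], pub[0])


if __name__ == "__main__":
    print(run_exchange(b"constructed agent security-domain secret key"))  # (True, False)
```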

[0093] Then, the card issuer 302 creates a security domain,
setting a restricting condition according to the cooperation
contract in the security domain. The card issuer 302 then
stores a security-domain public key of its own in the security
domain. As an alternative, the card issuer 302 sets the
security-domain public key in a security domain created in
advance in accordance with the cooperation contract. Then, the
card issuer 302 puts a signature to the security domain by
using a secret key of the card issuer 302 and sends the signed
security domain to the agent 901 as a security domain having a
restricting function at a step 19005. Exchanges of information
for the pre-cooperation contract are finished at this step.

[0094] A point attracting attention in this case is the 
fact that a security-domain key of the card issuer and a 
security-domain key of the agent exist in addition to the 
asymmetrical keys, namely, the key of the card issuer 
and the key of the agent. 

[0095] Next, exchanges of information in an operation 
to load an application into an IC card are explained. 
Since a security domain set in the IC card is a premise 
of the operation to load an application into the IC card, 
a method of loading the security domain into the IC card 
is described first. 

Typical Method of Loading a Security Domain 

[0096] A security domain of a B service provider 803 loaded
into an IC card 11 is a security domain with a restricting
function. The security domain with a restricting function is
transmitted by a card issuer 302 to an agent 901 as part of
pre-cooperation. At a step 19006, the agent 901 receives a
request for permission for loading a security domain from the
B service provider 803.
[0097] At the next step 19007, the agent 901 transmits the
security domain with a restricting function to the B service
provider 803. It should be noted, however, that security
domains may have been distributed to service providers 803 in
advance. That is to say, the operation carried out at the step
19007 to transmit a security domain may precede the operation
carried out at the step 19006 to receive the request for
permission for loading the security domain. At the next step
19008, the agent 901 transmits a pair of security-domain keys
to the B service provider 803. The pair of keys consists of a
signed secret key received by the agent at the step 19004 and
a public key corresponding to the signed secret key. As
described earlier, the blind was removed from the signed
secret key.

[0098] The security-domain public key was not encrypted and
has no signature put thereto. The B service provider 803 uses
this security-domain public key for purposes such as verifying
a signature in a communication with the security domain and
holding a secured communication. At the next step 19009, the B
service provider 803 stores the security domain having a
restricting function into the IC card 11. The IC card 11
verifies the validity of the security domain as follows. As
described earlier, a signature of a key of the card issuer 302
was put to the security domain at the step 19005. A public key
of the card issuer 302 was loaded onto the IC card 11 when the
IC card 11 was issued by the card issuer 302. Thus, the IC
card 11 is capable of verifying the validity of the security
domain by using these keys.
[0099] If the validity can be verified, the IC card 11
receives a security-domain secret key from the B service
provider 803 at a step 19010 and verifies the validity of this
key. As is obvious from the description of the step 19004, the
security-domain key is a security-domain key of the agent 901,
to which a signature is put by using a security-domain secret
key of the card issuer 302. In the security domain with a
restricting function set on the IC card 11, a security-domain
public key of the card issuer 302 is set. Thus, the validity
of the signature can be verified internally. If the validity
of the security-domain key can be verified, the key is
decrypted and the security-domain secret key of the agent 901
is set in the security domain having a restricting function.
[0100] Up to this point, the security domain having a
restricting function was stored into the IC card 11 and the
key was also set. Thus, the security domain can start
execution of its functions. In the security domain, the
following keys are stored:

(a) a public key created by the card issuer 302 for the
security domain

(b) a secret key created by the agent 901 for the security
domain

A secret key associated with the public key (a) is kept by the
card issuer 302. On the other hand, a public key associated
with the secret key (b) has been transmitted to the B service
provider 803. That is to say, the security domain created by
the card issuer 302 with a restricting function has keys of
the two players, and functions in the IC card 11.

[0101] Next, an operation carried out by the B service
provider 803 to load an application into the A IC card 11 is
explained.

[0102] First of all, at a step 19011, the B service provider
803 issues a request for permission for loading an application
into the A IC card 11 to the agent 901. In actuality, the
request for such permission is to transmit a hash value of the
application to be loaded.
[0103] The agent 901 verifies the validity of the application
by referring to the contents of the application filed in
advance by the B service provider 803. If information on IC
cards such as a hot list, that is, a black list of invalid IC
cards, was also received from the card issuer 302, the black
list is also checked to determine whether or not the A IC card
11 is on the list. The agent 901 then puts its signature to
the hash value of the application received from the B service
provider 803 by using its own secret key and transmits the
signed hash value to the B service provider 803 at a step
19012 along with the agent certification received at the step
19002. It should be noted that the secret key corresponds to
the asymmetrical public key which was transmitted to the card
issuer 302 when the cooperation contract was made.
[0104] The B service provider 803 encrypts the application by
using the security-domain public key received at the step
19008 and then transmits the encrypted application to the A IC
card 11 at a step 19013 along with the hash value of the
application with the message signature of the agent 901 put
thereto and the agent certification. The hash value and the
agent certification were received at the step 19012 as a
response to the request for permission for loading the
application.
[0105] After the security domain with a restricting function
in the A IC card 11 receives the information, first of all,
the security domain verifies the signature of the agent
certification. The agent certification is a public key of the
agent 901 with a signature put thereto by using a
security-domain secret key of the card issuer 302. Since a
public key associated with the security-domain secret key is
held in the security domain having a restricting function, the
public key can be used for verifying and decrypting the
signature. Since the key used for putting a signature of the
agent 901 to the hash value of the application is a secret key
of the agent 901, the hash value is decrypted by using the
decrypted public key of the agent 901. On the other hand, the
application was encrypted by using a security-domain public
key of the agent 901. Since a secret key corresponding to the
security-domain public key is stored in the security domain
with a restricting function, the secret key can be used for
decrypting the application and fetching the hash value. This
fetched hash value is compared with the hash value obtained
earlier as a result of the decryption. If they match each
other, the application is determined to be valid. The valid
application is then loaded and installed in the A IC card 11
at a step 19013. At this step, the operation to load the
application is finished.
[0106] The procedure described above provides a mechanism
wherein the agent 901 assures the validity of an application
and the card issuer 302 assures the validity of the agent 901,
so that an application assured indirectly by the card issuer
302 can be loaded onto an IC card 11. As described above, in
the security domain, the following keys are stored:

(a) a public key created by the card issuer 302

(b) a secret key created by the agent 901

[0107] The public key (a) is used for verifying the agent
certification while the secret key (b) is used for verifying
the application.

Differences from a mechanism using only a message 
signature of an agent are described as follows: 

[0108] 

(1) In the first place, keys for verifying validity in an IC
card are stored in a security domain.

(2) In the second place, the above keys are created by a card
issuer and an agent in advance for security-domain use.

(3) In the third place, the above keys are used for loading,
deletion and management of applications by a security domain
or a card OS using security-domain information.

[0109] As described above, loading, deletion and management
of applications are controlled by a security domain with a
restricting function provided by the present invention. Since
the security domain is created by a card issuer in accordance
with conditions prescribed in a cooperation contract, an
operation to load an unlimited number of applications can be
avoided. In accordance with the present invention, the
following policy can be adopted in case an agent puts its
signature illegally. To put it in detail, a cooperation
contract may prescribe proper conditions such as:

1: Only 1 application can be loaded.

2: A date is set as a loading deadline.

3: An upper limit of the amount of loaded information is set.

[0110] In this way, a security domain with a restricting
function can be created. Communications between the card
issuer and other players are put in an offline state after the
cooperation contract is made. An application may be
transmitted to an IC card against the will of the card issuer.
In such a case, however, an operation to load the application
into the IC card will be blocked by the security domain on the
IC card.
[0111] More detailed typical operations based on the basic
processing sequence using the security domain described so far
are explained by referring to Figs. 17 to 24. The figures show
flowcharts representing operations carried out by the players,
namely, the IC card, the card issuer, the agent and the
service provider. In the figures throughout this
specification, the security domain with a restricting function
provided by the present invention is represented by a hatched
box.

IC Card: Typical Processing to Load a Security Domain 

[0112] Fig. 17 shows a flowchart representing processing
carried out by an IC card to load a security domain into the
IC card by adopting a method provided by the present
invention. This processing corresponds to the steps 19009 and
19010 of the sequence shown in Fig. 16.

[0113] At a step 20002, the IC card receives a security domain
from a service provider. Since the security domain was signed
by using a key of a card issuer, the security domain is
decrypted by the IC card at a step 20003 by using a key
corresponding to the key used to put a signature to the
security domain.
[0114] At the next step 20004, the signature put to the
security domain is checked. If the signature is found correct,
the flow of the processing goes on to a step 20005, at which
the security domain is installed in the IC card. If the
signature is found incorrect, on the other hand, the flow of
the processing goes on to a step 20010, at which the IC card
outputs a message indicating that the installation of the
security domain is canceled.
[0115] After the security domain is installed at the step
20005, the flow of the processing proceeds to a step 20006 at
which a key to be set in the security domain is received.
Since the received key is signed by using a security-domain
key of the card issuer, the received key is decrypted by using
a decryption key corresponding to the security-domain key at a
step 20007. The decryption key was stored in the security
domain when the security domain was created.

[0116] At the next step 20008, the received key is verified
to determine whether or not the key is correct. If the key is
found correct, the flow of the processing goes on to a step
20009, at which the key is set in the security domain. If the
key is found incorrect, on the other hand, the flow of the
processing continues to a step 20011, at which a message
indicating the cancellation of the key on the security domain
is output.

IC Card: Typical Processing to Load an Application

[0117] Fig. 18 shows a flowchart representing processing
carried out by an IC card to load an application into the IC
card by adopting a method provided by the present invention.
This processing corresponds to the step 19013 of the sequence
shown in Fig. 16.
[0118] As shown in Fig. 18, the flowchart begins with a step
21001, at which the processing to load an application onto the
IC card is started. At the next step 21002, the IC card
receives an agent certification, an application authentication
and an application from a service provider. The application
authentication was signed by an agent and the application was
encrypted by using a security-domain key owned by the service
provider.

[0119] The agent certification was signed by a card issuer by
using a key. At the next step 21003, the agent certification
is thus authenticated by a key which is stored in the security
domain and corresponds to the key used for signing the agent
certification, and the key of the agent is decrypted.

[0120] At the next step 21004, the application authentication
signed by the agent is authenticated by using the decrypted
key of the agent and the hash value of the application is
fetched.

[0121] The application was encrypted by the service provider
by using a key. At the next step 21005, the application is
thus decrypted by using a key which is stored in the security
domain and corresponds to the key used for encryption of the
application. The application is then fetched and a hash value
thereof is calculated by the IC card. At the next step 21006,
the calculated hash value is compared with the hash value
obtained as a result of the decryption at the step 21004.
[0122] If the hash values are equal to each other, the
application is recognized as an application authenticated by
the card issuer. In this case, the flow of the processing goes
on to a step 21007, at which the application is installed in
the IC card.
[0123] If the hash values are not equal to each other, on the
other hand, the IC card determines that it is quite within the
bounds of possibility that the application is an illegal
application. In this case, the flow of the processing goes on
to a step 21008, at which the IC card outputs an error message
indicating cancellation of the application installation.

Card Issuer: Typical Pre-Cooperation 

[0124] Fig. 19 shows a flowchart representing pre-cooperation
processing carried out by a card issuer in accordance with the
present invention. This processing corresponds to the steps
19001 to 19005 of the sequence shown in Fig. 16.

[0125] As shown in Fig. 19, the flowchart begins with a step
22001 at which pre-cooperation processing to recognize an
agent is started. At the next step 22002, the card issuer
receives a public key for creating an agent certification from
the agent.
[0126] At the next step 22003, the card issuer signs the
public key by using a key corresponding to a key stored in an
IC card and returns the signed public key to the agent.

[0127] At the next step 22004, the card issuer receives a key
for storing in a security domain from the agent. At the next
step 22005, the key received from the agent is encrypted by
using a key corresponding to a key set internally in the
security domain at the creation time of the security domain
and returned to the agent. At the next step 22006, the
security domain is signed by using a key of the card issuer
and transmitted to the agent.

Agent: Typical Pre-Cooperation 

[0128] Fig. 20 shows a flowchart representing the procedure
of pre-cooperation processing carried out by an agent in
accordance with the present invention.
[0129] First of all, at a step 23002, the agent transmits the
public key of the agent to the card issuer. At the next step
23003, the agent receives an agent certification, to which the
signature of the card issuer was put.

[0130] At the next step 23004, the agent generates a secret
key for loading a security domain and carries out a blinding
process on the secret key before transmitting the secret key
to the card issuer.
[0131] At the next step 23005, the agent receives the key to
which the signature of the card issuer was put and carries out
a de-blinding process on the key.
[0132] At the next step 23006, the agent receives a security
domain including the signature of the agent. This security
domain was signed by using a key of the card issuer.

Agent: Typical Processing to Receive a Request to Load a Security Domain

[0133] Fig. 21 shows a flowchart representing the procedure of processing carried out by an agent to receive a request to load a security domain into an IC card in accordance with the present invention. This processing corresponds to the steps 19006 to 19008 of the sequence shown in Fig. 16.

[0134] At a step 24002, the agent receives a request to load a security domain into an IC card from a service provider. At the next step 24003, the agent transmits a signed security domain received from a card issuer to the service provider as it is.

[0135] At the next step 24004, the agent transmits a pair of security-domain keys created in advance to the service provider. The security-domain keys were signed by the card issuer in pre-cooperation processing.

Agent: Typical Processing to Receive a Request to Load an Application

[0136] Fig. 22 shows a flowchart representing the procedure of processing carried out by an agent to receive a request to load an application into an IC card in accordance with the present invention.
[0137] At a step 25002, the agent receives a request to load an application into an IC card from a service provider. At the next step 25003, the agent verifies the validity of the contents of the application and the validity of the service provider in order to form a judgment as to whether or not the application can be loaded into an IC card.

[0138] If the application is found loadable, the flow of the processing goes on to a step 25004, at which the agent transmits an application authentication to the service provider. The application authentication is a combination of data encrypted by using a key of the agent and the agent certification, which was received from a card issuer when a pre-cooperation contract was made. The encrypted data represents a characteristic of the application such as a hash value of the application, which was received from the service provider. If the application is found unloadable, on the other hand, the flow of the processing goes on to a step 25005 at which the agent informs the service provider that the application cannot be loaded.

Service Provider: Typical Processing to Load a Security Domain

[0139] Fig. 23 shows a flowchart representing the procedure of processing carried out by a service provider to load a security domain into an IC card in accordance with the present invention.

[0140] At a step 26002, the service provider requests an agent to load a security domain into an IC card. At the next step 26003, the service provider receives a security domain signed by a card issuer, and transmits the security domain to a card at a step 26004.
[0141] At the next step 26005, the service provider receives a pair of security-domain keys from the agent after the security domain has been set on the card.
[0142] At the next step 26006, the service provider transmits a security-domain secret key signed by the card issuer to the security domain to be set thereon.

Service Provider: Typical Processing to Load an Application

[0143] Fig. 24 shows a flowchart representing the procedure of processing carried out by a service provider to load an application into an IC card in accordance with the present invention.

[0144] At a step 27002, the service provider requests an agent to give permission for loading an application into an IC card by transmitting typically a hash value of the application to the agent. At the next step 27003, the service provider receives an application authentication from the agent.

[0145] At the next step 27004, the service provider encrypts the application by using a key corresponding to a key set on the security domain and transmits the encrypted application to the IC card along with the application authentication.

[0146] What is described above is the procedure of processing carried out by a service provider to load an application into an IC card in accordance with an application loading method provided by the present invention.
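As an added illustration (not code from the patent), the following Go program models the chain of signatures described in paragraphs [0124] to [0145] together with the card-side check of [0123]: the card issuer signs the agent's public key (the agent certification), the agent signs the hash of an application it has approved (the application authentication), and the card, which holds nothing but its own issuer's public key, verifies the certification, then the signed hash, then recomputes the hash over the received application before installing it. Ed25519 and SHA-256 are assumptions standing in for the algorithms the patent leaves unspecified; the allow-list the agent consults, the applet bytes and the three scenario names are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// AgentCertification: the agent's public key carrying the card issuer's signature
// (steps 22002-22003 / 23002-23003). Ed25519 is this example's assumption.
type AgentCertification struct {
	AgentPub  ed25519.PublicKey
	IssuerSig []byte
}

// ApplicationAuthentication: signed application hash plus agent certification (step 25004).
type ApplicationAuthentication struct {
	AppHash  []byte
	AgentSig []byte
	Cert     AgentCertification
}

func genKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Issuer holds the card issuer's key pair; only the public half is put in cards.
type Issuer struct{ Pub ed25519.PublicKey; priv ed25519.PrivateKey }

func NewIssuer() Issuer { pub, priv := genKey(); return Issuer{Pub: pub, priv: priv} }

// CertifyAgent is step 22003: the issuer signs the agent's public key.
func (i Issuer) CertifyAgent(agentPub ed25519.PublicKey) AgentCertification {
	return AgentCertification{AgentPub: agentPub, IssuerSig: ed25519.Sign(i.priv, agentPub)}
}

// Agent keeps its secret key and the certification obtained in pre-cooperation.
type Agent struct{ priv ed25519.PrivateKey; cert AgentCertification }

func NewAgent(issuer Issuer) Agent { pub, priv := genKey(); return Agent{priv: priv, cert: issuer.CertifyAgent(pub)} }

// Authorize is steps 25003-25005; the agent's validity check is modelled by a constructed allow-list of hashes.
func (a Agent) Authorize(appHash []byte, approved map[string]bool) (ApplicationAuthentication, error) {
	if !approved[string(appHash)] {
		return ApplicationAuthentication{}, errors.New("agent: application not approved")
	}
	return ApplicationAuthentication{AppHash: appHash, AgentSig: ed25519.Sign(a.priv, appHash), Cert: a.cert}, nil
}

// Card stores nothing about agents, only its own issuer's public key.
type Card struct{ IssuerPub ed25519.PublicKey }

// Load checks the certification under the issuer key, the signed hash under the now-trusted
// agent key, and the recomputed hash of the received application (steps 21007/21008).
func (c Card) Load(app []byte, auth ApplicationAuthentication) error {
	if !ed25519.Verify(c.IssuerPub, auth.Cert.AgentPub, auth.Cert.IssuerSig) {
		return errors.New("card: agent certification not signed by this card's issuer")
	}
	if !ed25519.Verify(auth.Cert.AgentPub, auth.AppHash, auth.AgentSig) {
		return errors.New("card: application authentication not signed by the certified agent")
	}
	if sum := sha256.Sum256(app); !bytes.Equal(sum[:], auth.AppHash) {
		return errors.New("card: hash mismatch, installation cancelled")
	}
	return nil
}

// Scenario runs three constructed cases and returns the card's verdict on each.
func Scenario() map[string]error {
	issuer := NewIssuer()
	agent := NewAgent(issuer)
	card := Card{IssuerPub: issuer.Pub}
	app := []byte("constructed applet image v1")
	h := sha256.Sum256(app)
	approved := map[string]bool{string(h[:]): true}
	auth, err := agent.Authorize(h[:], approved)
	if err != nil {
		panic(err)
	}
	// An agent certified by a different issuer has no authority over this card.
	foreignAuth, _ := NewAgent(NewIssuer()).Authorize(h[:], approved)
	return map[string]error{
		"genuine":       card.Load(app, auth),
		"tampered":      card.Load([]byte("constructed applet image v1 + patch"), auth),
		"foreign agent": card.Load(app, foreignAuth),
	}
}

func main() {
	for name, err := range Scenario() {
		fmt.Printf("%-14s -> %v\n", name, err)
	}
}
```

The foreign-agent case is the point of the design: a card accepts an application authentication only from an agent its own issuer certified, so an agent holding a certification from some other issuer gets no authority over this card. The tampered case shows why the hash comparison before step 21007 is still needed even after both signatures verify: the agent signed the hash of the application it examined, not the bytes that actually arrive at the card.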

[0147] The following description explains a variety of IC-card forms implementable by using the present invention and a variety of ways to operate the IC card.
[0148] As is obvious from the sequence shown in Fig. 9, according to the system provided by the present invention, the agent 901 carries out a proxy business on behalf of the A card issuer 302. If the proxy business is carried out by an agent 901 other than the A card issuer 302, not only is a service provider making a contract with the A card issuer 302 capable of loading an application onto the A card 11, but a service provider making a contract with the other card issuer 901 is capable as well. That is to say, the present invention can be used by constructing a structure comprising the existing card issuer and a service provider.

[0149] In addition, a card issuer is capable of serving as an agent of another card issuer and vice versa. In this case, an application of a service provider can be loaded onto a card of either card issuer. Moreover, by utilizing the method provided by the present invention, collaborative operations among existing card operation management systems can be carried out.
[0150] The following description explains some concrete applications of the card system provided by the present invention.

[0151] The first application is a tenant business. The tenant business is explained by referring to Fig. 25 as an application of the present invention. A tenant business in this specification is a business to manage tenants, that is, a business to rent a partial area in an IC card to a tenant business enterprise other than the card issuer.

[0152] Fig. 25 is a diagram showing a concept of operating a partial area in an IC card. In this embodiment, an application related to a cooperation business is loaded on the IC card by using a message signature of an agent and a security domain with a restricting function, which are provided by the present invention.

[0153] The embodiment is explained by referring to Fig. 25. A card issuer 2801 is a business enterprise fully responsible for IC-card related businesses including issuance of an IC card 11. The card issuer 2801 makes a contract with a service provider 2802 and a service provider 2803 to give permission for loading their respective applications into the IC card 11. In addition, this embodiment includes a tenant business enterprise 2804, which gives a tenant-desiring enterprise 2805 an authentication of an operation to load an application of the tenant-desiring enterprise 2805. Receiving such an authentication, the tenant-desiring enterprise 2805 is allowed to load an application thereof into a corporation application area of the IC card 11. Thus, the tenant-desiring enterprise 2805 corresponds to the service provider cited in the description given so far. On the other hand, the tenant business enterprise 2804 corresponds to the agent cited in the description given so far.
[0154] Also loaded in the IC card 11 is a card OS 2810, which allows a plurality of applications to be loaded and has a dynamic-loading function. The card OS 2810 executes functions of the IC card 11. Security domains 2811 and 2812 are set on the card OS 2810. To be more specific, reference numerals 2811 and 2812 denote security domains of the service providers 2802 and 2803 respectively.

[0155] The service provider 2802 loads its applications 2814 and 2815 into the IC card 11 through the security domain 2811. By the same token, the service provider 2803 loads its applications 2816 and 2817 into the IC card 11 through the security domain 2812. The service provider 2805 making a cooperation contract with the agent 2804 is capable of loading an application into the IC card 11 through a security domain 2813 having a restriction function. In the embodiment, the service provider 2805 loads applications 2818 and 2819. The restricting function of the security domain 2813 controls applications loaded through the security domain 2813. To put it concretely, an area represented by a hatched block in the figure is an area controlled by the security domain 2813.

[0156] In the configuration shown in the figure, the agent 2804 gives permission for loading an application. Thus, the agent 2804 rents a loading area from the card issuer 2801 and rents the area to service providers including the service provider 2805. If this configuration is compared with a tenant business enterprise renting a floor from a building owner and advertising for tenants, the IC card 11 and an area in the IC card 11 correspond to the building and a floor in the building respectively. Thus, the card issuer 2801 owning the IC card corresponds to the building owner. On the other hand, the agent 2804 renting an area in the IC card 11 from the card issuer 2801 corresponds to the tenant business enterprise renting a floor of the building from the building owner. The service provider 2805 rendering services in the area corresponds to a tenant occupying the floor for some purposes. Thus, the agent 2804 needs to have a function as a middle man making a contract with the service provider 2805.

[0157] The above embodiment is a form of application of the present invention wherein some predetermined areas of the IC card are rented to the tenant business enterprise. The actual operations carried out by the agent and the service provider to load an application are the same as the general operations of the present invention explained so far.

[0158] Fig. 26 is an explanatory diagram showing an embodiment wherein a card issuer 2901 associates a service provider 2905 in a relationship contract with a security domain 2913 having a restricted function. This embodiment is different from the embodiment shown in Fig. 25 in that, in this embodiment, the agent 2804 does not exist between the card issuer 2901 and the service provider 2905. The rest is the same as the embodiment shown in Fig. 25.

[0159] A merit offered by this embodiment is an increased degree of security obtained in online authentication during an operation to load an application. As already described earlier, in the case of the conventional system, in general the service provider requests an authentication from the card issuer in an operation to load an application into an IC card. As a technique to make a request for authentication, there is online authentication carried out on an as-needed basis or online authentication carried out as a batch operation. In the former technique, each time such a request is made, a communication through a network is established. With the latter technique, on the other hand, a number of permits to load applications are acquired from the card issuer in advance. In the case of either online authentication technique, there is raised a problem of the card issuer's weakened control of the IC card. By setting restrictions in a security domain with a restricting function loaded on the IC card, however, this problem can be put under control. In addition, a difference in loading power among service providers each making a contract can be set, making it possible to make a contract according to the reliability of a service provider.
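To make the restricting function concrete, here is an added Go sketch (not from the patent) of a security domain that enforces an issuer-set loading condition per service provider, so that a permit obtained in advance, or an agent certification, does not by itself let a provider fill the card. The two limits, a maximum application count and a maximum area in bytes, and the provider names, application identifiers and sizes are constructed for the example; the patent leaves the form of the condition open.

```go
package main

import (
	"errors"
	"fmt"
)

// LoadingCondition is the restriction a card issuer sets in a security domain for
// one service provider ([0159], [0183]); the two limits are this example's own.
type LoadingCondition struct {
	MaxApplications int
	MaxAreaBytes    int
}

// SecurityDomain is the channel through which one service provider loads, deletes
// and manages its applications ([0155], [0174]).
type SecurityDomain struct {
	Provider  string
	Condition LoadingCondition
	apps      map[string]int // application ID -> size in bytes
}

func NewSecurityDomain(provider string, c LoadingCondition) *SecurityDomain {
	return &SecurityDomain{Provider: provider, Condition: c, apps: map[string]int{}}
}

func (d *SecurityDomain) usedBytes() int {
	total := 0
	for _, n := range d.apps {
		total += n
	}
	return total
}

// Load admits an application only while the issuer-set condition still holds, so
// a valid application authentication by itself cannot fill the card ([0165]).
func (d *SecurityDomain) Load(appID string, size int) error {
	if _, dup := d.apps[appID]; dup {
		return fmt.Errorf("%s: application %q already loaded", d.Provider, appID)
	}
	if len(d.apps) >= d.Condition.MaxApplications {
		return fmt.Errorf("%s: application count limit %d reached", d.Provider, d.Condition.MaxApplications)
	}
	if d.usedBytes()+size > d.Condition.MaxAreaBytes {
		return fmt.Errorf("%s: area limit of %d bytes would be exceeded", d.Provider, d.Condition.MaxAreaBytes)
	}
	d.apps[appID] = size
	return nil
}

// Delete frees the area so the provider can load a replacement within its limit.
func (d *SecurityDomain) Delete(appID string) error {
	if _, ok := d.apps[appID]; !ok {
		return errors.New(d.Provider + ": no such application")
	}
	delete(d.apps, appID)
	return nil
}

// Scenario puts two providers with different loading power on one card and
// returns the outcome of each constructed operation.
func Scenario() map[string]error {
	trusted := NewSecurityDomain("SP-A", LoadingCondition{MaxApplications: 4, MaxAreaBytes: 8192})
	limited := NewSecurityDomain("SP-B", LoadingCondition{MaxApplications: 1, MaxAreaBytes: 2048})
	out := map[string]error{}
	out["A first"] = trusted.Load("a1", 3000)
	out["A second"] = trusted.Load("a2", 3000)
	out["A third"] = trusted.Load("a3", 3000) // 9000 bytes > 8192: refused
	out["B first"] = limited.Load("b1", 1000)
	out["B second"] = limited.Load("b2", 500) // count limit of 1: refused
	out["B delete"] = limited.Delete("b1")
	out["B replace"] = limited.Load("b2", 500) // fits again after the deletion
	return out
}

func main() {
	for op, err := range Scenario() {
		fmt.Printf("%-10s -> %v\n", op, err)
	}
}
```

The condition lives in the domain on the card and is set by the issuer, not by the agent or the provider, which is what restores the issuer's control that the paragraph says online authentication weakens: the agent can sign as many hashes as it likes, but every load still passes through a domain whose limits the agent cannot change.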
[0160] Next, a virtual card of IC cards is explained. A virtual card is an application of IC cards provided by the present invention.

[0161] Fig. 27 is an explanatory diagram showing the concept of a virtual card. A virtual card makes a plurality of IC cards, which may have been issued by different card issuers, appear to service providers as a single card under integrated control of the IC cards executed by a third party. To be more specific, service providers load applications for the respective IC cards into the IC cards through a third party in the same way as if each of the applications were loaded into an application area of a single IC card, namely, the virtual card. Thus, the service providers are capable of using a plurality of IC cards in the same way as if only one IC card were used.
[0162] In the embodiment shown in Fig. 27, an A card 3005, a B card 3006 and a C card 3007 are different IC cards with card issuers thereof each making a cooperation contract with the third party 3001. In the following description, the third party 3001 is referred to as a virtual-card issuer to make the description more explanatory. Since the virtual-card issuer 3001 rents an application loading area in the A card 3005, the service providers 3002, 3003 and 3004 each making a contract with the virtual-card issuer 3001 are each allowed to load an application into the application loading area in the A card 3005 provided that loading conditions are satisfied. By the same token, the service providers 3002, 3003 and 3004 each making a contract with the virtual-card issuer 3001 are each allowed to load an application into an application loading area in the B card 3006 or the C card 3007. That is to say, in spite of the fact that the virtual-card issuer 3001 does not do the actual card-issuing business, the virtual-card issuer 3001 conceptually issues a virtual card 3008, which can be regarded as a card allowing the service providers 3002, 3003 and 3004 to load applications into application loading areas in the A card 3005, the B card 3006 and the C card 3007 if there has been made a contract between each of the service providers 3002, 3003 and 3004 and the virtual-card issuer 3001. To a service provider, only one card issuer is required to make a contract with and to establish a communication to in order to load applications into a plurality of cards. As a result, both the labor and the cost can be reduced substantially.
[0163] The above description of the present invention can be summarized into the following essentials.
[0164] In accordance with the present invention, without obtaining permission for loading an application into an IC card directly from the issuer of the IC card, a service provider is capable of loading an application into the IC card with the same high degree of security as loading directly permitted by the card issuer. Thus, by eliminating the need to establish direct communication between a card issuer and a service provider serving as a cooperation partner and by letting cooperation contracts be made among card issuers, it is possible to solve problems that will arise in consequence of the popularization of the IC card and the increased number of users in the future. As a result, the present invention allows flexible services to be provided to an IC card. It should be noted that the problems arising in consequence of the popularization of the IC card and the increased number of users are classified into the following first and second categories. The problem of the first category is caused by a large number of contracts made between card issuers and service providers and a large amount of communication traffic between the card issuers and the service providers. On the other hand, the problem of the second category is a problem among business enterprises that are practically incapable of making a contract.

[0165] In addition, there are also two problems arising in consequence of the use of an agent to solve the above problems. The first problem is a risk of loading an unlimited number of applications into IC cards once an agent certification is issued. The second problem is the need to make a cooperation contract to handle a limited size of a loading area. Using a security domain having a restricting function can solve these problems.
[0166] Moreover, by adopting the application loading method provided by the present invention, new ways of utilizing an IC card become possible.
[0167] The new ways of utilizing an IC card are listed as follows:

1: A method of applying an IC card to an existing system
2: A mutual operating method for carrying out agent businesses among card issuers themselves
3: A tenant business of renting and operating an area on an IC card
4: Setting a difference in application loading among service providers by a card issuer
5: Virtual-card issuing business

[0168] In accordance with the first embodiment provided by the present invention, without obtaining permission for loading an application into an IC card directly from the issuer of the IC card, a service provider is capable of loading an application into the IC card with the same high degree of security as loading directly permitted by the card issuer. In addition, the first embodiment of the present invention is capable of solving complexities of various kinds of actual processing caused by an increasing number of contracts made between card issuers and service providers as well as an increasing amount of communication traffic between the card issuers and the service providers.

[0169] The second embodiment of the present invention is capable of solving the problem of loading an unlimited number of applications into IC cards without obtaining permission for loading an application into an IC card directly from the issuer of the IC card.

LIST OF REFERENCE NUMERALS 

[0170] In order to make the drawings easy to understand, main reference numerals used in the drawings are explained as follows.

11: IC card
101: Hardware layer in an IC card
102: OS layer in an IC card
106: Application loaded in an IC card
107: Application layer in an IC card
108: Security domain
302: Card-issuer server
303: Service-provider server
304: External terminal for a client
305: Card-issuer data base
306: Service-provider data base
801 and 802: Applications
804 and 805: Security domains
803: Service provider
901: Agent
902: Agent data base
2801: Card issuer
2802 and 2803: Service providers
2804: Agent or tenant business enterprise
2805: Service provider or tenant-desiring enterprise
2810: Card OS
2811 and 2812: Security domains
2813: Security domain with a restricting function
2814 to 2819: Applications
2901: Card issuer
2902, 2903 and 2905: Service providers
2904 and 2910: Card OS
2911 and 2912: Security domains
2913: Security domain with a restricting function
2914 to 2919: Applications
3001: Virtual-card issuer
3002 to 3004: Service providers
3005 to 3007: IC cards
3009 to 3011: Loading areas for cooperation partners

[0171] There are a number of aspects of the present invention. The following is a summary of principal aspects.

[0172] In accordance with a first aspect of the present invention, there is provided a message-signature-generation and message-signature-verification method using an IC card having an encryption function based on an asymmetric-key algorithm, the message-signature-generation and message-signature-verification method comprising the steps of:

driving an IC-card issuer to store a public key of its own in an IC card and distribute the IC card to users;
driving the IC-card issuer to receive a public key of a third party referred to hereafter as an agent, put an issuer signature to the public key of the agent by using a secret key of the IC-card issuer and return the signed public key of the agent to the agent;
driving the agent to put an agent signature to data by using a secret key of the agent;
driving the agent to transmit the public key of the agent, which was received from the IC-card issuer and has the issuer signature put thereto by the IC-card issuer by using the secret key of the IC-card issuer, to the IC card along with the data;
driving the IC card to verify the public key of the agent with the issuer signature put thereto by the IC-card issuer by using the secret key of the IC-card issuer; and
driving the IC card to verify the agent signature put to the data by using the secret key of the agent in order to authenticate validity of the data.

[0173] In accordance with a second aspect of the present invention, there is provided an application loading method comprising the steps of:

driving an IC-card issuer to store a public key of its own in an IC card and distribute the IC card to users;
driving the IC-card issuer to receive a public key of an agent, put an issuer signature to the public key of the agent by using a secret key of the IC-card issuer and hand over the signed public key of the agent to the agent as an agent certification;
driving a business enterprise referred to hereafter as a service provider doing a business of loading an application into the IC card to transmit data representing a characteristic of the application such as a hash value of the application to the agent;
driving the agent to put a signature to the characteristic of the application such as a hash value received from the service provider by using a secret key of the agent;
driving the agent to return a combination of the signed characteristic of the application such as a hash value and the agent certification to the service provider as an application authentication;
driving the service provider to load a combination of the application and the application authentication into the IC card;
driving the IC card to verify the agent certification by using a public key of the IC-card issuer stored in the IC card;
driving the IC card to verify the signed characteristic of the application such as a hash value by using the verified public key of the agent, that is, the verified agent certification;
driving the IC card to compute a hash value of the application; and
driving the IC card to compare the verified hash value with the computed hash value in order to verify validity of the application.

[0174] In accordance with a third aspect of the present invention, an IC card includes a security domain, which is an application or data for loading, deletion and management of applications on the IC card, wherein:

the security domain is created by an IC-card issuer;
a predetermined restriction on application loading can be set in the security domain by the IC-card issuer;
the security domain is loaded onto the IC card by a service provider;
the service provider sets a secret key of an agent in the security domain later on;
when an application is loaded onto the IC card, validity of a signature put to a public key owned by the agent is verified by using a public key of the IC-card issuer stored in the security domain; and
the public key of the agent is used for verifying validity of a signature put to a hash value of the application in order to verify validity of the application.

[0175] In accordance with a fourth aspect of the present invention, there is provided an application loading method for loading an application into an IC card by adopting the message-signature-generation and message-signature-verification method according to the first aspect and utilizing the security domain, the application loading method comprising the steps of:

driving the IC-card issuer to hand over the agent certification and the security domain with a predetermined restriction set therein to the agent;
driving the agent to hand over the security domain and a key for the security domain to the service provider;
driving the service provider to store the security domain in the IC card and set a key therein;
driving the service provider to issue a request for an application authentication to the agent and receive the application authentication from the agent;
driving the service provider to load a combination of the application authentication and the application into the IC card; and
driving the IC card to verify validity of the application authentication in order to verify validity of the application.

[0176] In accordance with a fifth aspect of the present invention, there is provided an IC card capable of loading an application, the IC card comprising:

a means for storing a security domain received from a service provider;
a means for setting a key in the security domain in conjunction with the service provider;
a means for verifying validity of an application authentication attached to the application in an operation to load the application; and
a means for installing the application.

[0177] In accordance with a sixth aspect of the present invention, there is provided an IC-card issuer for executing the steps of:

receiving a public key from an agent serving as a third party other than the IC-card issuer itself;
putting a signature to the public key by using a secret key of the IC-card issuer's own;
returning the signed public key to the agent as an agent certification;
creating a security domain according to claim 7 and setting a condition on the security domain; and
handing over the security domain to the agent.

[0178] In accordance with a seventh aspect of the present invention, there is provided an enterprise (or an agent) serving as a proxy for carrying out part of a business to manage issuance of IC cards by execution of the steps of:

handing over a public key of the agent's own to a card issuer;
receiving an agent certification with a signature of the IC-card issuer put thereto by the IC-card issuer by using a secret key from the IC-card issuer;
receiving a security domain from the IC-card issuer;
handing over the security domain and a key for the security domain to a service provider;
receiving data representing a characteristic of an application such as a hash value of the application from the service provider; and
putting a signature of the agent's own to the data by using a secret key and returning a combination of the signed data and the agent certification to the service provider as an application authentication.

[0179] In accordance with an eighth aspect of the present invention, there is provided a service provider for:

receiving a security domain according to claim 7 and a key for the security domain from an agent carrying out a proxy business of an IC-card issuer;
storing the security domain in an IC card and setting a key therein;
transmitting data representing a characteristic of an application to be loaded onto the IC card such as a hash value of the application to the agent;
receiving a combination of an agent certification and the data representing a characteristic of an application to be loaded onto the IC card such as a hash value of the application from the agent as an application authentication wherein a signature was put by the agent to the data by using a secret key of the agent; and
transmitting a combination of the application authentication and the application to the IC card.

[0180] In accordance with a ninth aspect of the present invention, there is provided an IC-card mutual operating method among IC-card issuers whereby business enterprises (the IC-card issuers?) carry out IC-card issuing management businesses at the same time, and are each capable of issuing an application authentication to an IC card issued by any of the IC-card issuers receiving an agent certification in addition to an application authentication to an IC card issued by itself.

[0181] In accordance with a tenth aspect of the present invention, there is provided an IC-card mutual operating method among IC-card issuers each issuing an IC card whereby the IC-card issuers are each capable of issuing an application authentication to an IC card issued by any of the IC-card issuers due to the fact that the IC-card issuers are each an agent.
[0182] In accordance with an eleventh aspect of the present invention, there is provided a business to:

operate partial areas on an IC card;
pay a rent for renting each of the partial areas on the IC card to a card issuer; and
request a service provider to pay a fee for jobs such as loading an application and responding to inquiries.

[0183] In accordance with a tenth aspect of the present invention, there is provided an application loading method of loading an application onto an IC card using a function of a security domain, wherein:

a service provider is capable of loading an application only through the security domain;
a condition is set in the security domain by a card issuer in accordance with a contract made with the service provider; and
an application loading condition on the same IC card varies from service provider to service provider in dependence on a condition for each service provider.

[0184] In accordance with a twelfth aspect of the present invention, there is provided an IC-card issuing management proxy business wherein:

an agent serves as a proxy for a plurality of IC-card issuers;
the agent receives a request to load an application from a service provider;
the agent transmits an application authentication with a plurality of attached agent certifications issued by the IC-card issuers to the service provider; and
the service provider is capable of loading an application into a plurality of IC cards by using the application authentication received from the agent.

[0185] A 13th aspect of the present invention is an IC-card mutual operating system among IC-card issuers whereby business enterprises carry out IC-card issuing management businesses at the same time, and are each capable of issuing an application authentication to an IC card issued by any of said IC-card issuers receiving an agent certification in addition to an application authentication to an IC card issued by itself.
[0186] The 14th aspect is an IC-card mutual operating method among IC-card issuers each issuing an IC card whereby said IC-card issuers are each capable of issuing an application authentication to an IC card issued by any of said IC-card issuers due to the fact that said IC-card issuers are each an agent.

[0187] The 15th aspect is a business carried out by an agent for IC card issuing management businesses, characterized by

operating partial areas on an IC card;
paying a rent for renting each of said partial areas on said IC card to a card issuer; and
requesting a service provider to pay a fee for jobs such as loading an application and responding to inquiries.

[0188] The 16th aspect is an application loading method of loading an application onto an IC card using a function of a security domain, wherein:

a service provider is capable of loading an application only through said security domain;
a condition is set in said security domain by a card issuer in accordance with a contract made with said service provider; and
an application loading condition on the same IC card varies from service provider to service provider in dependence on a condition for each service provider.

[0189] The 17th aspect is an IC-card issuing management
proxy business wherein:

an agent serves as a proxy for a plurality of IC-card
issuers;

said agent receives a request to load an application
from a service provider;

said agent transmits an application authentication
with a plurality of attached agent certifications issued
by said IC-card issuers to said service provider; and

said service provider is capable of loading an
application into a plurality of IC cards by using said
application authentication received from said agent.
Claims

1. An IC-card system comprising:

a second organization, and a third organization,
wherein:

said second organization is capable of supplying at
least first characteristic information characterizing
a first organization involved in an issuance of an IC
card as well as serving as data used for rendering a
service and second special information of said second
organization to a third organization involved in
presentation of service information; and

said third organization involved in presentation of
service information is capable of supplying at least
a program of a desired application, said first
characteristic information characterizing said first
organization involved in an issuance of an IC card as
well as serving as data used for rendering a service
and said second special information of said second
organization to said IC card.

2. An IC-card system comprising:

a second organization, and a third organization,
wherein:

said second organization is capable of supplying at
least first characteristic information characterizing
a first organization involved in an issuance of an IC
card as well as serving as data used for rendering a
service, second special information of said second
organization and a program having a condition on
loading service information into said IC card to a
third organization involved in presentation of service
information; and

said third organization involved in presentation of
service information is capable of supplying at least
an application program, said first characteristic
information, said second special information of said
second organization, said program having a condition
on loading service information into said IC card to
said IC card and third characteristic information
related to said program having a condition on loading
service information into said IC card to the IC card.

3. An IC-card system comprising:

a third-party organization and an IC-card issuing
organization, wherein:

said third-party organization is capable of providing
a third organization involved in presentation of
service information with:

data comprising information obtained as a result of
encryption of a public key of said third-party
organization by using a secret key of said IC-card
issuing organization and said public key; and

data comprising information obtained as a result of
encryption of first intrinsic information
characterizing predetermined information to be loaded
into an IC card by using a secret key of said
third-party organization and said first intrinsic
information; whereas

said third organization involved in presentation of
service information is capable of providing said IC
card with:

the information to be loaded into the IC card;

said data comprising said information obtained as a
result of encryption of said first intrinsic
information characterizing said predetermined
information to be loaded into said IC card by using
said secret key of said third-party organization and
said first intrinsic information; and

said data comprising said information obtained as a
result of encryption of said public key of said
third-party organization by using said secret key of
said IC-card issuing organization and said public key.

4. An IC-card system according to claim 3 wherein
said first intrinsic information is a hash value of
service information.

5. An IC card comprising:

a data storing area into which a desired application
program can be loaded, and an operating-system area,

said IC card receiving:

data comprising information obtained as a result of
encryption of a public key of a third-party
organization by using a secret key of an IC-card
issuing organization and said public key;

said application program; and

data comprising information obtained as a result of
encryption of intrinsic information characterizing
said application program by using a secret key of said
third-party organization and said first intrinsic
information;

wherein validity of said public key of said
third-party organization can be verified and validity
of said intrinsic information characterizing said
application program can be verified on the basis of
said public key of said third-party organization.

6. An IC-card-issuing system comprising: 

at least, a receiver, a transmitter, and a card is- 
suing processing unit, wherein 
said IC card-issuing system is capable of: 

receiving a public key of a third-party or-
ganization; and

transmitting data comprising information 
obtained as a result of encryption of said 
public key of said third-party organization 
by using a secret key of an IC-card issuing 
organization and said public key to said 
third-party organization. 

7. An IC-card system comprising:

at least, a receiver, a transmitter, and a processing
unit of permission for loading application, wherein
said IC-card system is capable of receiving first
intrinsic information characterizing predetermined
service information from an organization for providing
said service information to an IC card and providing
said organization for providing said service
information to an IC card with:

data comprising information obtained as a result of
encryption of said first intrinsic information by
using a secret key of said IC-card system and said
first intrinsic information; and

data comprising information obtained as a result of
encryption of a public key of said IC-card system by
using a secret key of an IC-card issuing organization
and said public key.

8. A service-providing system comprising:

at least, a receiver, a transmitter, and an
application load processing, wherein
said IC-card system is capable of transmitting first
intrinsic information characterizing predetermined
service information to a third-party organization,
receiving:

data comprising information obtained as a result of
encryption of said first intrinsic information by
using a secret key of said third-party organization
and said first intrinsic information; and

a public key of said third-party organization as well
as data comprising information obtained as a result of
encryption of a public key of said third-party
organization by using a secret key of an IC-card
issuing organization and said public key,

and providing an IC card with at least:

said service information to be loaded into said IC
card;

data comprising information obtained as a result of
encryption of said first intrinsic information
characterizing said service information by using said
secret key of said third-party organization and said
first intrinsic information; and

data comprising information obtained as a result of
encryption of said public key of said third-party
organization by using said secret key of said IC-card
issuing organization and said public key.

9. An IC-card system comprising the steps of:

driving a third-party organization to receive data
comprising information obtained as a result of
encryption of a public key of said third-party
organization by using a secret key of an IC-card
issuing organization and said public key from said
IC-card issuing organization;

driving said third-party organization to transmit
blinded information to said IC-card issuing
organization;

driving said third-party organization to transmit
intrinsic information received from said IC-card
issuing organization to a service-information
providing organization wherein said intrinsic
information imposes a predetermined restriction on
loading of service information into an IC card for
storing said service information and said intrinsic
information;

driving said service-information providing
organization to transmit said intrinsic information
to said IC card;

driving said service-information providing
organization to transmit said service information
along with data for authenticating said service
information to said IC card through said intrinsic
information; and

driving said IC card to verify validity of said
service information to be stored therein by using
said intrinsic information imposing said predetermined
restriction on loading of said service information.

10. An IC-card system according to claim 9, wherein
said restriction imposed by said intrinsic information
is a restriction on at least one of the size of said
service information to be loaded, the number of
loading operations, the number of pieces of said
service information to be loaded and a term of
validity during which said service information can be
loaded.
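The certification chain of claims 3 to 5 and the loading restriction of claims 9 and 10, as an added Python example that is not part of the patent: the card issuer signs the agent's public key (the agent certification), the agent signs the hash of the application it received from the service provider (the application authentication), and the card verifies both and checks the restriction before loading. The toy RSA, the key sizes, the `max_size`/`max_loads` condition fields and the sample applet bytes are assumptions constructed for illustration, and the claims' "encryption with a secret key" is read as a digital signature.

```python
import hashlib
import secrets
# Toy textbook RSA, constructed for this example (no padding, short keys);
# it stands in for whatever signature scheme a real card issuer would use.
def _is_probable_prime(n, rounds=16):  # Miller-Rabin; n is odd and > 3 here
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # odd, top bit set
        if _is_probable_prime(cand):
            return cand

def gen_keypair(bits=512):
    """Return (public_key, secret_key) as ((n, e), (n, d))."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this guarantees gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def sign(secret_key, data):
    n, d = secret_key
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), d, n)

def verify(public_key, data, sig):
    n, e = public_key
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")

def app_hash(app):
    """First intrinsic information (claim 4): the hash of the service information."""
    return hashlib.sha256(app).digest()

def _cert_body(agent_pk, condition):
    # Bytes covered by the agent certification: agent public key plus loading condition.
    n, e = agent_pk
    return n.to_bytes(64, "big") + e.to_bytes(4, "big") + repr(sorted(condition.items())).encode()

def issue_agent_certification(issuer_sk, agent_pk, condition):
    """Card issuer (claims 6, 15): signs the agent's key with the claim 10 restriction."""
    return {"agent_pk": agent_pk, "condition": condition,
            "sig": sign(issuer_sk, _cert_body(agent_pk, condition))}

def issue_application_authentication(agent_sk, first_intrinsic):
    """Agent (claim 7): signs the hash the service provider sent, not the application."""
    return {"hash": first_intrinsic, "sig": sign(agent_sk, first_intrinsic)}

def card_load(issuer_pk, agent_cert, app_auth, app, loads_so_far):
    """IC card (claims 5, 9): accept the load only if the whole chain checks out."""
    cert_body = _cert_body(agent_cert["agent_pk"], agent_cert["condition"])
    if not verify(issuer_pk, cert_body, agent_cert["sig"]):
        return False  # agent certification was not issued by this card's issuer
    if app_hash(app) != app_auth["hash"]:
        return False  # application differs from what the agent authenticated
    if not verify(agent_cert["agent_pk"], app_auth["hash"], app_auth["sig"]):
        return False  # application authentication not from the certified agent
    cond = agent_cert["condition"]
    return len(app) <= cond["max_size"] and loads_so_far < cond["max_loads"]
```

Because the card holds only the issuer's public key, an agent that certifies itself, or an application authenticated by an uncertified key, is rejected without any contact between the card and the issuer.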

11. A service providing system comprising:

a sender, a receiver, and an application load
processing unit, wherein
said service providing system is capable of
sending to a third-party organization a first
characteristic information characterizing a
predetermined service information, and
receiving said first characteristic information with
information obtained as a result of encryption of said
first characteristic information by using a secret key
of said third-party organization, and

a public key of said third-party organization with
information obtained as a result of encryption of said
public key of said third-party organization by using a
secret key of an IC card issuing organization, and
sending to an IC card
at least, a loading information,
a first characteristic information characterizing
said loading information with information as a result
of encryption of said loading information by using a
secret key of said third-party organization, and

a public key of said third-party organization with
information as a result of encryption of said public
key of said third-party organization by using a secret
key of an IC card issuer organization.

12. An IC card system comprising:

a third-party organization, an IC card issuer, and a
service provider, wherein
said third-party organization is capable of receiving
an information teaching that said third-party
organization stands in place of said IC card issuer,

said third-party organization is capable of sending to
said IC card issuer a characteristic information
corresponding to said third-party organization,

said third-party organization is capable of sending
into said IC card an information making a
characteristic information having a condition on
loading service information operate, and
said service provider is capable of loading, under the
condition on loading service information, at least,
the service information, and the information making a
characteristic information having a condition on
loading service information, into said IC card
including the characteristic information having a
condition on loading service information, and

said IC card is capable of confirming that the loading
service information is correct information that should
be loaded into the IC card.

13. An IC card system according to claim 12, wherein
the characteristic information having a condition on
loading service information is one selected from a
group consisting of information of a capacity for
loading, information of the number of times for
loading, information of the number of service
information that is loaded into the IC card, and
information of termination for loading service
information.

14. An IC card comprising:

a data area into which a desired application program
can be loaded, and an operating-system area, wherein
said IC card is capable of:

loading an application and a program having a
condition for an operation to store said application;

setting key information for said program having a
condition for storing said application on the basis of
a program providing a predetermined condition to said
operation to store said program; and

verifying validity of characteristic information given
to said application.

15. An IC-card issuing system comprising:

at least, a receiver, a transmitter, and a card
issuing processing unit, wherein
said IC card-issuing system is capable of:

receiving a public key of a third-party organization
from said third-party organization;

transmitting data comprising information obtained as a
result of encryption of said public key of said
third-party organization by using a secret key of said
IC-card issuing system and said public key to said
third-party organization; and

receiving a blinded secret key of a third-party
organization from said third-party organization at a
request made by said third-party organization,
providing said third-party organization with:

said data comprising information obtained as a result
of encryption of said blinded secret key of said
third-party organization by using said secret key of
said IC-card issuing system and said public key; and

a program having a condition for storing a desired
application.

16. An IC-card system comprising:

at least, a receiver, a transmitter, and a processing
unit of permission for loading application, wherein
said IC-card system is capable of receiving a program
having a condition for storing service information,
said system capable of

transmitting said program having a condition for
storing service information and data comprising
information obtained as a result of encryption of a
secret key of a third-party organization by using a
secret key of an IC-card issuing organization and said
secret key to said service information providing
organization; and

providing a service-information providing organization
with:

data comprising information obtained as a result of
encryption of intrinsic information of service
information by using said secret key of said IC-card
system and said intrinsic information; and

data comprising information obtained as a result of
encryption of said public key of said IC-card system
by using said secret key of said IC-card issuing
organization and said public key.

17. A service providing system:

capable of transmitting first intrinsic information
determined uniquely to predetermined service
information to a third party;

used for receiving at least:

said first intrinsic information;

data comprising information obtained as a result of
encryption of a secret key of said third-party
organization by using a secret key of an IC-card
issuing organization and said secret key; and

data comprising information obtained as a result of
encryption of a public key of said third-party
organization by using a secret key of an IC-card
issuing organization and said public key; and

capable of providing an IC card with:

said first intrinsic information;

data comprising information obtained as a result of
encryption of a secret key of said third-party
organization by using a secret key of an IC-card
issuing organization and said secret key; and

said data comprising information obtained as a result
of encryption of said public key of said third-party
organization by using said secret key of said IC-card
issuing organization and said public key.

18. An IC card system comprising:

a first organization, a second organization, and an
on-line system between said first organization and
said second organization, wherein
said first organization is capable of sending an
information which permits loading an application for
an IC card which is published by said first
organization, and

said first organization is capable of sending an
information which designates that said first
organization stands proxy for said second organization
and an information which permits loading an
application for an IC card which is published by said
second organization.

19. An IC card system comprising:

a first organization, a second organization, and an
on-line system between said first organization and
said second organization, wherein
at least, said first organization is capable of
sending an information which designates that said
second organization stands proxy for said first
organization, and said second organization is capable
of sending an information which designates that said
first organization stands proxy for said second
organization, and
said first organization is capable of sending an
information which permits loading an application for
an IC card which is published by said first
organization, and

at least is capable of providing an information which
designates that said first organization stands proxy
for said second organization and an information which
permits loading an application for an IC card which is
published by said second organization, and
said second organization is capable of sending an
information which permits loading an application for
an IC card which is published by said second
organization, and

at least is capable of providing an information which
designates that said second organization stands proxy
for said second organization and an information which
permits loading an application for an IC card which is
published by said first organization.

20. An application loading method comprising:

a step of loading an application to an IC card in
dependence on a condition for loading an application,
the condition being in the IC card,

a step of loading each condition for loading a
plurality of applications,

a step of loading each of said applications,

wherein said each condition is given by another
organization from an application provider.

21. An IC card system comprising:

a third-party organization, a plurality of service
providers, a plurality of card issuing organizations
and an on-line system between said third-party
organization and said service providers, wherein

said third-party organization is capable of sending an
information which designates that said third-party
organization stands proxy for each of said IC card
issuing organizations, and
when said third-party organization receives from at
least one of said service providers a requirement for
loading an application, said third-party organization
is capable of sending to said service provider an
information which designates that said third-party
organization stands proxy for said IC card issuing
organization, and an information permitting loading
an application which is required to load, and
when said service provider receives from said
third-party organization an information which
designates that said third-party organization stands
proxy for said IC card issuing organization, and an
information permitting loading an application which
is required to load, said service provider is capable
of providing the application.